Pierce County accidentally shared SSN info linked to hundreds of thousands of voters

Tacoma News Tribune
SHEA JOHNSON
January 18, 2023, 8:31 PM
Pierce County inadvertently shared the last four Social Security digits for more than 463,000 registered voters in response to a public records request, spokeswoman Libby Catalinich said Wednesday.

The sensitive information was sent by mistake last month to one person who sought public voter registration records from the county, Catalinich told The News Tribune.

“It’s a very regrettable situation,” she said.

The hundreds of thousands of people who were affected should start to receive notification letters this week, as early as Wednesday, according to Catalinich.

She said that the person who made the request and subsequently received the sensitive electronic data on Dec. 20 had no intention of using the information and deleted it.

“This wasn’t a breach. It wasn’t someone hacking into a system,” Catalinich said. “It was literally the fulfillment of a very routine public records request, and someone made a simple mistake.”

An employee fulfilling the request accidentally provided a spreadsheet that included the last four digits of the voters’ Social Security numbers, according to a copy of the letter being sent to affected voters. The county collects that data, or a driver’s license number, when people sign up to vote.

The employee in the county Auditor’s Office realized the mistake almost immediately in December, which is how it came to the county’s attention, Catalinich said. After the employee was unable to undo sending the data, they notified a supervisor.

“The supervisor contacted the requester, an individual acting in good faith, and asked the requester to delete the file and the transmission email,” Catalinich wrote in response to follow-up questions from The News Tribune. “The requester was cooperative, stated this was complete and these items were deleted from the trash folder.”


The letter to affected voters — dated Tuesday and sent by public records officer Whitney Stevens in the Auditor’s Office — said that those actions occurred within two hours of the data’s initial release.

“We have confirmed that there was no widespread dissemination of information and no retention or copying of the information by the requester,” Stevens wrote.

Asked why the county waited nearly a month before notifying affected individuals, Catalinich said that officials wanted to understand the full scope of the issue, including whom they needed to contact, and confirm that the information was destroyed before sending out letters.

Catalinich said by phone that the employee fulfilling the request did not properly check or uncheck a field in the county’s voter database to exclude the last four digits of voters’ Social Security numbers.

In a subsequent email, Catalinich gave assurances that the county had put safeguards in place to ensure that a similar error would not occur in the future.

“This human error was the result of two separate functions of elections administration – maintenance of our voter registration files and fulfilling data requests – being completed by one individual,” she wrote. “Several processes have been reviewed and altered to decrease the likelihood of this occurring, and new procedures have been put in place requiring a second individual to review the data requests before they are released.”

Personally identifiable information, such as partial Social Security numbers, is exempt from disclosure under federal and state laws.

In the letter to affected residents, Stevens included steps they could take against “potential misuse of your personal information,” including contacts for the Federal Trade Commission to report suspicious activity and methods to obtain a free credit report.

“This kind of mistake has never happened before, and we have enhanced our protocols to prevent this kind of mistake from occurring again,” the letter read.